46% of the world’s top one million sites are “risky”

According to the newly published State of the Web 2016 report by Menlo Security, 46% of the world’s top one million sites are “risky”. The report labelled a website, or any of the background sites that provide active content to it, as risky if it:

runs software with known vulnerabilities (CVEs);

was categorised as “known-bad”, for example for hosting phishing or malware;

has had a security incident in the last 12 months.

Based on these considerations, of the one million top websites around the world, 355,804 sites were either running vulnerable software or accessing vulnerable background sites; 166,853 were considered “known-bad”; and 31,938 had recently suffered a security incident. Many of them fell into more than one category.

Business and economy sites the most vulnerable

Of all the websites found risky, business and economy sites ranked number one in the vulnerable software (82,223 of the 355,804 websites) and recent security incident (5,669 of the 31,938 websites) categories, and number three in the category of known-bad sites (11,548 of the 166,853 websites).

Do you test your website for unaddressed vulnerabilities?

Frequent vulnerability assessments and penetration testing are good practice for keeping ahead of cyber criminals. Performed by qualified professionals (IT Governance’s penetration testers hold the Certified Ethical Hacker qualification), these tests look for vulnerabilities in your website and propose remedial actions to fix them and strengthen your security.